#!/bin/bash
clear

RED="\033[31m"    # Error message
GREEN="\033[32m"  # Success message
YELLOW="\033[33m" # Warning message
BLUE="\033[36m"   # Info message
RESET='\033[0m'

if [ "$EUID" -ne 0 ]; then
  echo -e "${RED} Anda tiada kebenaran untuk menjalankan skrip ini! ${RESET}"
  exit 1
fi

echo
echo-e "${BLUE} Sebelum meneruskan persediaan dan pemasangan di ${RESET}"
echo-e "${BLUE} dalam pelayan anda, kami perlu bertanya anda    ${RESET}"
echo-e "${BLUE} beberapa soalan dahulu, maklumat ini diperlukan ${RESET}"
echo-e "${BLUE} untuk pemasangan pakej dalam pelayan anda.      ${RESET}"
echo
read -p "Sila masukkan nama domain: " DomainName
read -p "Sila masukkan alamat emel: " EmailAddr
read -p "Sila masukkan nama pengguna: " UserName
read -p "Sila masukkan kata laluan: " UserPass
echo
echo "DOMAIN=$DomainName" >/usr/local/.environment
echo "EMAIL=$EmailAddr" >>/usr/local/.environment
echo "USERNAME=$UserName" >>/usr/local/.environment
echo "PASSWORD=$UserPass" >>/usr/local/.environment

userName=$(cat /usr/local/.environment | grep 'USERNAME' | cut -d '=' -f 2)
userPass=$(cat /usr/local/.environment | grep 'PASSWORD' | cut -d '=' -f 2)
useradd $userName
usermod -s /bin/false $userName
echo -e "$userPass\n$userPass" | passwd $userName &>/dev/null
sleep 10
clear

if [[ -s /etc/selinux/config ]] && grep 'SELINUX=enforcing' /etc/selinux/config; then
  sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config
  setenforce 0
fi

echo 'deb http://ftp.debian.org/debian buster-backports main' >/etc/apt/sources.list.d/buster-backports.list

apt-get update && apt-get -y upgrade
dependencies=('r-base' 'build-essential' 'cmake' 'automake' 'curl' 'git' 'libnss3' 'socat' 'uuid-runtime' 'jq' 'qrencode')
for dep in "${dependencies[@]}"; do
  apt-get install -y $dep
done

timedatectl set-timezone Asia/Kuala_Lumpur

add-shell /bin/false
add-shell /usr/bin/false
add-shell /usr/sbin/nologin

echo "" >/etc/motd
wget -q -O /etc/update-motd.d/10-uname 'https://raw.githubusercontent.com/cybertize/debian/buster/sources/banner'
wget -q -O /etc/issue.net 'https://raw.githubusercontent.com/cybertize/debian/buster/sources/message'

echo '# Configuration file for setting system variables
kernel.printk = 3 4 1 3
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv4.ip_forward=1
#net.ipv6.conf.all.forwarding=1
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
fs.file-max = 51200

net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.netdev_max_backlog = 250000
net.core.somaxconn = 4096

net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
# net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_mem = 25600 51200 102400
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_congestion_control = hybla' >/etc/sysctl.conf
sysctl -p &>/dev/null

wget -q -O - 'https://raw.githubusercontent.com/cybertize/debian/buster/packages/nginx.sh' | bash
wget -q -O - 'https://raw.githubusercontent.com/cybertize/debian/buster/packages/dropbear.sh' | bash
wget -q -O - 'https://raw.githubusercontent.com/cybertize/debian/buster/packages/openvpn.sh' | bash
wget -q -O - 'https://raw.githubusercontent.com/cybertize/debian/buster/packages/shadowsocks.sh' | bash
# wget -q -O - 'https://raw.githubusercontent.com/cybertize/debian/buster/packages/shadowsocksr.sh' | bash
# wget -q -O - 'https://raw.githubusercontent.com/cybertize/debian/buster/packages/trojan.sh' | bash
# wget -q -O - 'https://raw.githubusercontent.com/cybertize/debian/buster/packages/v2ray.sh' | bash
# wget -q -O - 'https://raw.githubusercontent.com/cybertize/debian/buster/packages/xray.sh' | bash
# wget -q -O - 'https://raw.githubusercontent.com/cybertize/debian/buster/packages/wireguard.sh' | bash
# wget -q -O - 'https://raw.githubusercontent.com/cybertize/debian/buster/packages/ohpserver.sh' | bash
# wget -q -O - 'https://raw.githubusercontent.com/cybertize/debian/buster/packages/websocket.sh' | bash
wget -q -O - 'https://raw.githubusercontent.com/cybertize/debian/buster/packages/stunnel.sh' | bash
wget -q -O - 'https://raw.githubusercontent.com/cybertize/debian/buster/packages/squid.sh' | bash
# wget -q -O - 'https://raw.githubusercontent.com/cybertize/debian/buster/packages/naiveproxy.sh' | bash
# wget -q -O - 'https://raw.githubusercontent.com/cybertize/debian/buster/packages/tinyproxy.sh' | bash
# wget -q -O - 'https://raw.githubusercontent.com/cybertize/debian/buster/packages/haproxy.sh' | bash
wget -q -O - 'https://raw.githubusercontent.com/cybertize/debian/buster/packages/badvpn.sh' | bash
wget -q -O - 'https://raw.githubusercontent.com/cybertize/debian/buster/packages/webmin.sh' | bash
wget -q -O - 'https://raw.githubusercontent.com/cybertize/debian/buster/plugins/plugins.sh' | bash

function firewall {
  sleep 10
  apt-get -y -qq install fail2ban
  cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

  # ddos-deflates
  apt-get -y -qq install dnsutils net-tools tcpdump dsniff grepcidr
  wget -q https://github.com/jgmdev/ddos-deflate/archive/master.zip -O /root/ddos.zip
  unzip /root/ddos.zip && rm /root/ddos.zip
  cd /root/ddos-deflate-master
  ./install.sh
  systemctl enable ddos
  systemctl start ddos

  DEBIAN_FRONTEND=noninteractive apt-get -y -qq install iptables-persistent
  iptables -P INPUT ACCEPT
  iptables -P FORWARD ACCEPT
  iptables -P OUTPUT ACCEPT
  iptables -I INPUT -i lo -j ACCEPT
  iptables -I OUTPUT -i lo -j ACCEPT
  iptables -I INPUT -p all -m state --state NEW,ESTABLISHED -j ACCEPT
  # iptables -I INPUT -p all -m state --state NEW -s 10.1.0.0/24 -j ACCEPT
  # iptables -I INPUT -p all -m state --state NEW -s 10.2.0.0/24 -j ACCEPT
  iptables -A FORWARD -i tun0 -j ACCEPT
  iptables -A FORWARD -i wg -j ACCEPT
  iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/24 -j MASQUERADE
  iptables -t nat -A POSTROUTING -o eth0 -s 10.2.0.0/24 -j MASQUERADE
  # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
  iptables -t mangle -A INPUT -m string --string "BitTorrent" --algo bm --to 65535 -j DROP
  iptables -t mangle -A INPUT -m string --string "BitTorrent protocol" --algo bm --to 65535 -j DROP
  iptables -t mangle -A INPUT -m string --string "peer_id=" --algo bm --to 65535 -j DROP
  iptables -t mangle -A INPUT -m string --string ".torrent" --algo bm --to 65535 -j DROP
  iptables -t mangle -A INPUT -m string --string "announce.php?passkey=" --algo bm --to 65535 -j DROP
  iptables -t mangle -A INPUT -m string --string "torrent" --algo bm --to 65535 -j DROP
  iptables -t mangle -A INPUT -m string --string "announce" --algo bm --to 65535 -j DROP
  iptables -t mangle -A INPUT -m string --string "info_hash" --algo bm --to 65535 -j DROP
  iptables -t mangle -A INPUT -m string --string "get_peers" --algo bm --to 65535 -j DROP
  iptables -t mangle -A INPUT -m string --string "find_node" --algo bm --to 65535 -j DROP

  iptables-save >/etc/iptables/firewall.rules
  iptables-restore -t </etc/iptables/firewall.rules
  netfilter-persistent save
  netfilter-persistent reload
}
firewall

# cleanup files
[[ -f /root/setup.sh ]] && rm -f setup.sh
[[ -d /root/v2ray.sh ]] && rm -f v2ray.sh
[[ -d /root/xray.sh ]] && rm -f xray.sh
[[ -f /root/1.999.130.tar.gz ]] && rm -f 1.999.130.tar.gz
[[ -d /root/badvpn-1.999.130 ]] && rm -r -f badvpn-1.999.130
[[ -d /root/ddos-deflate-master ]] && rm -r -f ddos-deflate-master

apt-get -qq update
apt-get -qq -y upgrade
apt-get -qq -y autoremove
apt-get -qq -y autoclean

clear
echo
echo -e "${GREEN} Tahniah, kami telah selesai dengan pemasangan ${RESET}"
echo -e "${GREEN} pada pelayan anda. Jangan lupa untuk reboot ${RESET}"
echo -e "${GREEN} sistem pelayan anda terlebih dahuulu. ${RESET}"
echo -e "${GREEN} Langkah terakhir adalah dengan check status ${RESET}"
echo -e "${GREEN} services pakej pelayan anda. ${RESET}"
echo
echo -e "${BLUE} =============================================== ${RESET}"
echo -e "${BLUE} Anda boleh gunakan link ini                     ${RESET}"
echo -e "${BLUE} https://m.do.co/c/a28a40414d6ato untuk          ${RESET}"
echo -e "${BLUE} dapatkan \$100 kredit percuma di dalam          ${RESET}"
echo -e "${BLUE} akaun DigitalOcean anda.                        ${RESET}"
echo
echo -e "${BLUE} Anda boleh berikan sumbangan ke                 ${RESET}"
echo -e "${BLUE} https://paypal.me/andiandi1959,                 ${RESET}"
echo -e "${BLUE} Terima kasih.                                   ${RESET}"
echo -e "${BLUE} =============================================== ${RESET}"
echo
